Last updated: 2025-11-05
This Privacy Policy applies to WHOX products and services, including our website at whox.is, our mobile and desktop apps, and our browser extensions (the «Services»). «WHOX», «we», «our» or «us» means’ ’Sam digital solutions FZE, a company registered in a UAE free zone. By accessing or using the Services you acknowledge this Policy.
Controller: Sam digital solutions FZE, a company registered in a UAE free zone.
Privacy contact: [email protected]
EEA/UK targeting: We do not directly target individuals in the EEA or the UK and do not monitor their behavior; accordingly, appointment of an EU/UK representative under GDPR Art. 27 is not required at this time. We will reassess and appoint one if our targeting changes.
This Policy covers the WHOX VPN, the WHOX website, our apps for iOS/Android/macOS/Windows, and our browser extensions. It does not apply to third‑party websites or services.
WHOX is a no‑logs VPN. We do not collect or store traffic content, browsing history, DNS queries, destination IP addresses, per‑user bandwidth, connection timestamps, or the IP address assigned to you by our VPN servers.
To keep the Services secure and reliable, we may process minimal non‑identifying technical telemetry (e.g., app version, device OS, crash diagnostics, generic performance metrics). Such telemetry does not include your browsing activity and is not used to identify you. We donot collect advertising identifiers (e.g.,IDFA/GAID).
| Category | Examples | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Account & Payments | Email (if provided), subscription status; payments viaStripe (cards), Apple App Store /Google Play (IAP),Cryptomus (crypto). | Provide paid features, billing, support, compliance. | Contract; Legal obligation. | Kept only as long as needed for billing, tax/audit, fraud/chargeback handling, and applicable limitation periods. |
| Website operations | Essential cookies; server and security logs (via CDN/WAF). | Operate, secure and debug the website; investigate incidents. | Legitimate interests; Legal obligation (security). | Retained for the shortest period necessary for operations and security; extended during active investigations or legal holds. |
| Analytics (Google Analytics) | Page views, referrers, device/OS/browser, approximate geolocation, and similar usage metrics collected byGoogle Analytics (GA4). | Measure and improve site usage and performance on an aggregate basis. | Consent where required (e.g., EEA/UK); otherwise legitimate interests where permitted. | Retention is controlled in our GA4 property and may vary by configuration/region; we choose the minimum practical setting and review periodically. |
| Support communications | Information you provide in emails or forms. | Respond to requests and resolve issues. | Contract; Legitimate interests. | Kept only as long as needed to resolve and follow‑up, subject to legal holds. |
We apply data minimization and storage limitation and keep information only as long as necessary for the stated purposes.
When you purchase via Apple App Store orGoogle Play, Apple or Google acts as theindependent controller for those transactions and processes data according to their policies. Our apps request only the minimum permissions necessary for functionality (e.g., VPN configuration, network access). For browser extensions distributed via Chrome Web Store, Firefox Add‑ons or other stores, we request permissions strictly required for features and disclose them in the store listing.
The WHOX browser extension applies privacy recipes derived from public diagnostics (such as leak checks) to reduce browser‑level anonymity gaps (for example, WebRTC and DNS leaks). Processing occurs primarily on‑device and in‑browser. The extension may periodically fetch rule updates from WHOX endpoints. We do not collect your browsing history, page content, or the list of websites you visit through the extension. You can disable the extension at any time via your browser settings.
We follow the principle of storage limitation and keep Personal Data no longer than necessary for the purposes described in this Policy. Where it is not possible to specify an exact period, we determine retention by applying criteria including:
For analytics, retention is controlled within ourGoogle Analytics (GA4) property and may vary by configuration and region. We select the minimum practical setting and review it periodically.
Where Personal Data are transferred across borders, we rely on appropriate safeguards such as EUStandard Contractual Clauses (2021/914), the UKIDTA/Addendum, Swiss FDPIC‑aligned safeguards, and supplementary measures where required. This includes transfers necessary forGoogle Analytics, Stripe,Cryptomus and app store transactions. We maintain contractual safeguards with our processors and assess their sub‑processors and locations as part of vendor due diligence.
Public blockchain networks used for cryptocurrency payments operate globally; on‑chain data may be processed outside your jurisdiction and retained indefinitely by the network.
Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, object, and data portability, and to withdraw consent. We respond within legally required timeframes and may request limited information to verify your identity before responding. To exercise rights, contact us at [email protected]. You may also lodge a complaint with your local supervisory authority (including, where applicable, the UAE Data Office).
We comply with applicable US state privacy laws where relevant and do not sell or share Personal Data for cross‑context behavioral advertising.
As an entity established in the UAE, we align with the UAE Federal Decree‑Law No. 45 of 2021 on the Protection of Personal Data (PDPL).Small scale and current processing: given our small scale and absence of high‑risk or large‑scale processing, we have assessed that appointment of a Data Protection Officer (DPO) is not required at this time and that a Data Protection Impact Assessment (DPIA) is not required for our present operations. We will re‑assess these conclusions as our scale or processing activities change. We actively monitor forthcoming executive regulations to update this Policy if new binding requirements arise.
Payments & CBUAE alignment: We rely on licensed payment service providers to process payments. Our integrations are designed to respect the Central Bank of the UAE’s Consumer Protection Regulation and Standards and the Retail Payment Services and Card Schemes Regulation applicable to licensed financial institutions and their providers. We do not provide regulated payment services, do not store full card numbers, and do not custody customer funds or crypto private keys.
WHOX VPN is not offered and must not be used in the following jurisdictions:Russia, United Arab Emirates, Qatar, Iran, and China. You are responsible for ensuring that your use of the Services is lawful in your location. We may restrict access or features to comply with applicable laws and store policies.
We implement technical and organizational measures designed to protect information against unauthorized access, loss or misuse, including using PCI‑DSS compliant payment processing through Stripe and secure integrations with app stores and Cryptomus. However, no method of transmission or storage is 100% secure. Where legally required, we will notify supervisory authorities and affected users of a personal data breach within applicable statutory deadlines.
The Services are intended for users aged 18 and over. We do not knowingly collect information from children.
We do not use automated decision‑making that produces legal or similarly significant effects about you.
We may update this Policy from time to time. We actively monitor updates to the UAE PDPL, including forthcoming executive regulations expected to progress during 2025, and we will incorporate any new binding requirements. We also commit to re‑assess the need for a Data Protection Officer (DPO) and for Data Protection Impact Assessments (DPIAs) as our scale or processing activities change.
If you have questions about this Policy or your privacy rights, contact us at [email protected].